Forrester's recent report, The State of Privacy and Cybersecurity, 2022, is aimed at tech executives and leaders formulating privacy and cybersecurity policies for the future. The report looks into current privacy and cybersecurity trends and provides recommendations to organizations. The data presented in the report is based on the results of two surveys:

  1. Forrester's Business Privacy Survey 2021, which had 377 respondents, all privacy decision-makers.
  2. Forrester Analytics Business Technographics Security Survey, 2021, which had 1,211 respondents, all security decision-makers.

The report addresses and provides recommendations for:

  • The challenges privacy and cybersecurity leaders expect to face in the future.
  • Overall goals and priorities of executives going forward.
  • The level of collaboration that currently exists and areas for improvement.
  • The present reporting line in the C-suite.

First, let's examine the recommendations for privacy leaders.

Privacy leaders need to change their perception of privacy regulations

One of the main challenges privacy leaders face is fear. They fear that implementing privacy controls may lead to a lack of innovation, in turn affecting the employee or customer experience. There is a need for change in perspective. Improvement in privacy controls, risk reporting, and better adherence to compliance should be looked at as a way to strengthen customer trust in the organization. Complying with data privacy regulations does not lead to a lack of innovation—it fosters a safer environment for creating cutting-edge user experiences. Over 31% of respondents state a lack of adequate skills to execute this as a challenge, while 29% say it's due to prioritization of risks other than creating bad customer or employee experiences.

There is a also a need to look at data privacy as something beyond a mandatory requirement for compliance reasons. This can begin with addressing it as a part of every department or business function in an organization. Every function generates or stores data, which means every function other than legal or compliance teams needs to develop privacy competencies as well. The survey results show that in terms of collaboration, privacy teams tend to work mostly with IT, security, legal, or data management teams; however, this is set to decrease in the future. For example, currently 67% of their collaboration is with IT teams, which is set to decrease to 42% in the next 12 months. This shows that, with time, privacy will soon become an integral part of every team.

These changes are often a reflection of how things work in the C-suite. Thirty percent of the CPOs that took Forrester's business privacy survey report to CISOs, who in turn report to CIOs. Privacy teams are often interlinked with IT teams for obvious reasons, but this hierarchy often showcases privacy as a pseudo C-level function. This can again affect the overall data privacy efforts of the organization.

Enabling a privacy-friendly environment is key to ensuring the vast amount of data being generated is handled and protected in the best way possible. Prioritizing it as a competency in every team is the way to go, but it's also important to execute this efficiently and quickly. The data pile is only getting larger and so is the attack surface of organizations' networks—and in turn, the probability of data breaches.

For instance, in the past 12 months, 65% of respondents experienced a data breach, with 29% of the attacks rising externally and 20% due to internal threats. The companies that experienced external attacks attribute them to the following reasons:

  • Software vulnerability exploits
  • Third-party breaches
  • Web application exploit
  • Phishing
  • Social Engineering

Which brings us to the next part of the report: cybersecurity.

Here's what the report recommends for cybersecurity executives.

Cybersecurity leaders need to figure out how to deal with a dynamic threat and digital landscape

Technological development is often seen as an indicator of growth, but it comes with its own set of challenges. Cybersecurity leaders struggle with finding a balance between leveraging emerging and existing technologies. Technologies like cloud computing are seeing fast adoption and executives are struggling to find ways to deal with the dynamic nature of threats that come with them. It doesn't come as a surprise that the complexity of the IT environment and changing nature of internal and external threats have been cited as major cybersecurity challenges by 31% and 32% of the executives that took the Forrester Analytics Business Technographics Security Survey.

Key cybersecurity decision-makers have hence prioritized altering their operational strategy, especially during cybersecurity emergencies, like the log4j vulnerability, for example. They also cite their priorities as finding a different approach to attack detection and response, and figuring out how to secure the cloud while making maximum use of the cybersecurity features cloud platforms have to offer.

A few steps businesses could implement in their cybersecurity programs for the future to enhance cloud security include:

  • Using a private cloud.
  • Encrypting data.
  • Monitoring cloud activity.
  • Adopting a shared responsibility model.
  • Setting up a data backup plan.
  • Pen testing regularly.

Data privacy in cloud environments should be prioritized as well. Along with this, tech execs are focused on finding solutions to long-persistent tactical issues like application cybersecurity or cybersecurity analytics.

In order to ensure smooth operations procedures, there is a need for interconnectivity between IT, cybersecurity, and other teams. According to the survey, while IT and cybersecurity functions work well with each other, only 15% of respondents said they collaborated with customer-facing functions like sales. Fortunately, due to the improving stance of CISO roles in the C-suite and the evolving nature of their functionalities, it's relatively easy to make this happen. One way is to have cybersecurity "champions" stationed in each of the customer-facing teams that ensure secure practices are followed during interactions.

Another could be investment in state-of-the-art cybersecurity tools, like a UEBA tool, for example. A UEBA tool can be used to track user behavior constantly and ensures there is a way to detect suspicious activity and stop it before it leads to a bigger data breach.

CISOs, who currently either report to CIOs or play a secondary role at the C level, should continue to work with tech executives to bring forth better cybersecurity policies and measures.

  • Please enter a business email id
  • By clicking 'Read the ebook', you agree to processing of personal data according to the Privacy Policy

Get the latest content delivered
right to your inbox!

Thank you for subscribing.

You will receive regular updates on the latest news on cybersecurity.

  • Please enter a business email id
    By clicking on Keep me Updated you agree to processing of personal data according to the Privacy Policy.

Expert Talks


© 2021 Zoho Corporation Pvt. Ltd. All rights reserved.